
AV protection 2011 and google redirect


  • This topic is locked
68 replies to this topic

#1 rob reynolds

rob reynolds

  • Members
  • 44 posts
  • OFFLINE
  • Local time:10:24 PM

Posted 30 November 2011 - 08:38 PM

Thank you for volunteering to help computer users. I had the AV protection 2011 virus, and also redirection of Google searches. I stopped the AV Protection 2011 by doing a System Restore, but some of my files are probably still corrupted. Also the Google redirect problem is still happening. I read about TDSS Killer here on the forum. I downloaded it, but it will not run. I downloaded Malwarebytes and ran it. It said that it fixed a lot of things, but I still have the Google redirect problem.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Robbie and Laura at 17:31:38 on 2011-11-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.438 [GMT -6:00]
.
FW: Norton Internet Worm Protection *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\WebUpdateSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Robbie and Laura\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.netflix.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061128
uInternet Settings,ProxyOverride = 127.0.0.1
uURLSearchHooks: FCToolbarURLSearchHook Class: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - c:\program files\dogpile bundle toolbar\Helper.dll
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Dogpile Bundle Toolbar BHO: {bfe4b5cb-63f7-4a51-9266-6167655d5b4f} - c:\program files\dogpile bundle toolbar\Toolbar.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} - c:\program files\dogpile bundle toolbar\Toolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] 1
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [Uniblue RegistryBooster2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\documents and settings\robbie and laura\local settings\application data\google\update\GoogleUpdate.exe" /c
uRunOnce: [SpybotDeletingD7723] cmd.exe /c del "c:\windows\wt\webdriver\4.1.1\objectbundle.dll"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Lexmark X6100 Series] "c:\program files\lexmark x6100 series\lxbfbmgr.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\robbie~1\startm~1\programs\startup\hughes~1.lnk - c:\program files\hughesnetstatusmeter\hughesnetstatusmeter\HughesNetStatusMeter.exe
StartupFolder: c:\docume~1\robbie~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169728736390
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 0.0.0.0 0.0.0.0
TCP: Interfaces\{47B59E28-AF78-409A-A31A-BAD03C227169} : DhcpNameServer = 192.168.0.1 0.0.0.0 0.0.0.0
Filter: text/html - {8556f861-0e2f-4963-a009-6111745a01c1} -
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-28 366152]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-28 22216]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-5 135664]
S3 acfva;acfva;c:\windows\system32\drivers\ACFVA32.sys [2008-3-18 86656]
S3 dgcfltr;DGC Filter Driver;c:\windows\system32\drivers\ACFDCP32.sys [2008-3-18 28800]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2006-3-10 39424]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-5 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2010-7-8 20480]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\drivers\nwusbmdm_000.sys [2010-7-8 176384]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\drivers\nwusbser_000.sys [2010-7-8 176384]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\drivers\nwusbser2_000.sys [2010-7-8 176384]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-1-2 709248]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2010-4-14 32408]
.
=============== Created Last 30 ================
.
2011-11-28 17:45:04 -------- d-----w- c:\documents and settings\robbie and laura\application data\Malwarebytes
2011-11-28 17:44:53 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-11-28 17:44:49 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 17:44:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-24 14:30:26 112128 ----a-w- c:\documents and settings\all users\application data\Lsrp4F7H.exe
2011-11-24 13:25:13 112128 ----a-w- c:\windows\system32\Rbe68o.com
2011-11-24 05:55:57 -------- d-----w- c:\windows\system32\%APPDATA%
2011-11-24 04:24:38 -------- d-----w- c:\documents and settings\robbie and laura\application data\FCTB000060231
2011-11-24 04:24:29 -------- d-----w- c:\program files\Dogpile Bundle Toolbar
2011-11-24 04:18:50 -------- d-----w- c:\program files\Virtools
2011-11-24 04:18:48 -------- d-----w- c:\program files\Costco
2011-11-24 04:18:48 -------- d-----w- c:\program files\common files\HP
2011-11-24 04:18:42 -------- d-----w- C:\VXIPNP
2011-11-24 04:18:42 -------- d-----w- c:\program files\NDW
2011-11-24 04:18:41 -------- d-----w- c:\program files\National Instruments
2011-11-24 04:18:12 -------- d-----w- c:\program files\Nvu
2011-11-24 04:17:46 -------- d-----w- c:\program files\Novatel Wireless
2011-11-24 04:17:46 -------- d-----w- c:\program files\JumpStart Spy Masters
2011-11-24 04:17:41 -------- d-----w- c:\program files\Verizon Wireless
2011-11-24 04:17:29 -------- d-----w- c:\program files\common files\TiVo Shared
2011-11-24 04:17:10 -------- d-----w- c:\windows\system32\DLA
2011-11-23 18:14:47 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-11-23 18:14:46 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-23 16:52:18 112128 ----a-w- c:\windows\system32\Rbe68o.com_
2011-11-23 05:58:08 -------- d-----w- c:\documents and settings\robbie and laura\application data\4C0CA
2011-11-23 05:58:04 -------- d-----w- c:\program files\LP
.
==================== Find3M ====================
.
2005-06-08 18:30:24 356352 ----a-w- c:\program files\BulkFileRenamer.exe
2003-04-22 23:52:24 658944 ----a-w- c:\program files\Screen Shoot-It.exe
2003-04-06 01:03:08 42256 ----a-w- c:\program files\GUTILS.DLL
2003-04-03 06:20:28 89360 ----a-w- c:\program files\WINDIFF.EXE
1998-05-06 01:10:22 250816 ----a-w- c:\program files\Softy.exe
1997-06-05 17:28:04 329728 ----a-w- c:\program files\ListFonts.exe
.
============= FINISH: 17:39:22.43 ===============



#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:12:24 AM

Posted 01 December 2011 - 02:34 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

OTS Scan
Download OTS to your Desktop
  • Double-click on OTS.exe to start the program. Make sure you close all other programs.
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Please copy and paste the contents of the OTS report into your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 rob reynolds

rob reynolds
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  • Local time:10:24 PM

Posted 01 December 2011 - 11:06 AM


OTS logfile created on: 12/1/2011 9:59:28 AM - Run 1

OTS by OldTimer - Version 3.1.46.0     Folder = C:\Documents and Settings\Robbie and Laura\Desktop\virus fix

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1,014.00 Mb Total Physical Memory | 661.00 Mb Available Physical Memory | 65.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 144.33 Gb Total Space | 3.80 Gb Free Space | 2.63% Space Free | Partition Type: NTFS

Unable to calculate disk information.

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: MERGATROID

Current User Name: Robbie and Laura

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

 

[Processes - Safe List]

ots.exe -> C:\Documents and Settings\Robbie and Laura\Desktop\virus fix\OTS.exe -> [2011/12/01 09:53:01 | 000,646,144 | ---- | M] (OldTimer Tools)

mbamservice.exe -> C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -> [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation)

soffice.bin -> C:\Program Files\OpenOffice.org 3\program\soffice.bin -> [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org)

soffice.exe -> C:\Program Files\OpenOffice.org 3\program\soffice.exe -> [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org)

explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)

uaservice7.exe -> C:\WINDOWS\system32\UAService7.exe -> [2008/03/06 20:20:49 | 000,126,976 | ---- | M] ()

webupdatesvc.exe -> C:\WINDOWS\system32\WebUpdateSvc.exe -> [2006/11/16 17:32:40 | 000,274,432 | ---- | M] (Data Perceptions / PowerProgrammer)

stsystra.exe -> C:\WINDOWS\stsystra.exe -> [2006/07/24 10:20:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.)

iaanotif.exe -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> [2006/07/06 07:15:00 | 000,151,552 | ---- | M] (Intel Corporation)

iaantmon.exe -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation)

dmxlauncher.exe -> C:\Program Files\Dell\Media Experience\DMXLauncher.exe -> [2005/10/05 03:12:00 | 000,094,208 | ---- | M] ()

dlactrlw.exe -> C:\WINDOWS\system32\DLA\DLACTRLW.EXE -> [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions)

lxbfbmon.exe -> C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe -> [2003/09/23 00:20:01 | 000,049,152 | ---- | M] (Lexmark International, Inc.)

lxbfbmgr.exe -> C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe -> [2003/09/23 00:01:39 | 000,057,344 | ---- | M] (Lexmark International, Inc.)

 

[Modules - No Company Name]

libxml2.dll -> C:\Program Files\OpenOffice.org 3\program\libxml2.dll -> [2010/05/04 15:36:28 | 000,970,752 | ---- | M] ()

quartz.dll -> C:\WINDOWS\system32\quartz.dll -> [2009/06/03 13:09:37 | 001,291,264 | ---- | M] ()

msdmo.dll -> C:\WINDOWS\system32\msdmo.dll -> [2008/04/13 18:11:59 | 000,014,336 | ---- | M] ()

devenum.dll -> C:\WINDOWS\system32\devenum.dll -> [2008/04/13 18:11:51 | 000,059,904 | ---- | M] ()

uaservice7.exe -> C:\WINDOWS\system32\UAService7.exe -> [2008/03/06 20:20:49 | 000,126,976 | ---- | M] ()

dmxlauncher.exe -> C:\Program Files\Dell\Media Experience\DMXLauncher.exe -> [2005/10/05 03:12:00 | 000,094,208 | ---- | M] ()

sbe.dll -> C:\WINDOWS\system32\sbe.dll -> [2005/08/05 14:01:54 | 000,282,112 | ---- | M] ()

lxbfpp5c.dll -> C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBFPP5C.DLL -> [2003/07/21 08:13:34 | 000,078,336 | ---- | M] ()

 

[Win32 Services - Safe List]

(HidServ) Human Interface Device Access [Disabled | Stopped] ->  -> File not found

(MBAMService) MBAMService [Auto | Running] -> C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -> [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation)

(UserAccess7) SecuROM User Access Service (V7) [Auto | Running] -> C:\WINDOWS\system32\UAService7.exe -> [2008/03/06 20:20:49 | 000,126,976 | ---- | M] ()

(XAudioService) XAudioService [Auto | Stopped] -> C:\WINDOWS\system32\drivers\ACFXAU32.exe -> [2007/07/10 02:13:48 | 000,386,560 | R--- | M] (Conexant Systems, Inc.)

(WebUpdate) Web Update Service by PowerProgrammer [Auto | Running] -> C:\WINDOWS\system32\WebUpdateSvc.exe -> [2006/11/16 17:32:40 | 000,274,432 | ---- | M] (Data Perceptions / PowerProgrammer)

(IAANTMON) Intel(R) Matrix Storage Event Monitor [Auto | Running] -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation)

 

[Driver Services - Safe List]

(MBAMProtector) MBAMProtector [File_System | On_Demand | Running] -> C:\WINDOWS\system32\drivers\mbam.sys -> [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation)

(NWADI) NWADI Bus Enumerator [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\NWADIenum.sys -> [2010/07/08 10:52:32 | 000,231,424 | ---- | M] (Novatel Wireless Inc)

(NWUSBPort2_000) Novatel Wireless USB Status2 Port Driver (vGEN) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nwusbser2_000.sys -> [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.)

(NWUSBPort_000) Novatel Wireless USB Status Port Driver (vGEN) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nwusbser_000.sys -> [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.)

(NWUSBModem_000) Novatel Wireless USB Modem Driver (vGEN) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nwusbmdm_000.sys -> [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.)

(NWUSBCDFIL) Novatel Wireless Installation CD [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -> [2010/07/08 10:52:32 | 000,020,480 | ---- | M] (Novatel Wireless Inc.)

(SMSIVZAM5) SMSIVZAM5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -> [2010/04/14 20:29:22 | 000,032,408 | ---- | M] (Smith Micro Inc.)

(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -> [2009/08/27 02:00:00 | 000,371,248 | ---- | M] (Symantec Corporation)

(rt2870) Ralink 802.11n USB Wireless LAN Card Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\rt2870.sys -> [2009/03/04 03:30:14 | 000,709,248 | R--- | M] (Ralink Technology, Corp.)

(dgcfltr) DGC Filter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ACFDCP32.sys -> [2007/07/10 02:13:38 | 000,028,800 | R--- | M] (Conexant Systems, Inc.)

(XAudio) XAudio [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\ACFXAU32.sys -> [2007/07/10 02:13:32 | 000,008,704 | R--- | M] (Conexant Systems, Inc.)

(acfva) acfva [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ACFVA32.sys -> [2007/06/29 04:39:46 | 000,086,656 | R--- | M] (Conexant Systems Inc.)

(mdmxsdk) Modem SDK Driver [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\ACFSDK32.sys -> [2007/03/15 03:52:34 | 000,012,672 | R--- | M] (Conexant)

(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\sthda.sys -> [2006/07/24 10:20:00 | 001,156,648 | ---- | M] (SigmaTel, Inc.)

(FANTOM) LEGO MINDSTORMS NXT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\fantom.sys -> [2006/03/10 15:55:18 | 000,039,424 | ---- | M] (National Instruments Corporation)

(DSproct) DSproct [Kernel | On_Demand | Stopped] -> C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -> [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.)

(FETNDISB) Dynex DX-E101 PCI Fast Ethernet Adapter Driver Service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\dxe1015b.sys -> [2005/12/29 00:03:00 | 000,043,008 | R--- | M] (Best Buy Corporation                )

(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -> [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions)

(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -> [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions)

(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -> [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions)

(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLABOIOM.SYS -> [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions)

(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -> [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions)

(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAPoolM.SYS -> [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions)

(DLADResN) DLADResN [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLADResN.SYS -> [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions)

(DLACDBHM) DLACDBHM [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLACDBHM.SYS -> [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions)

(DLARTL_N) DLARTL_N [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLARTL_N.SYS -> [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions)

(smserial) smserial [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\smserial.sys -> [2005/01/10 17:25:00 | 000,923,826 | R--- | M] (Motorola Inc.)

(SDDMI2) SDDMI2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\DDMI2.sys -> [2004/06/09 08:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.)

(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSFHWBS2.sys -> [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.)

(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_CNXT.sys -> [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.)

(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_DP.sys -> [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.)

 

[Registry - Safe List]

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 

HKEY_LOCAL_MACHINE\: Search\\"Default_Page_URL" -> www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061128 -> 

HKEY_LOCAL_MACHINE\: Search\\"Start Page" -> www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061128 -> 

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 

HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061128 -> 

HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us -> 

HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.netflix.com/ -> 

HKEY_CURRENT_USER\: URLSearchHooks\\"" [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found

HKEY_CURRENT_USER\: URLSearchHooks\\"{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}" [HKLM] -> C:\Program Files\Dogpile Bundle Toolbar\Helper.dll [FCToolbarURLSearchHook Class] -> [2011/04/28 21:05:48 | 000,357,376 | ---- | M] ()

HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 

HKEY_CURRENT_USER\: "ProxyOverride" -> 127.0.0.1 -> 

< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

HKLM\software\mozilla\Firefox\extensions ->  -> 

HKLM\software\mozilla\SeaMonkey 1.1\Extensions ->  -> 

HKLM\software\mozilla\SeaMonkey 1.1\Extensions\\Components -> C:\Program Files\mozilla.org\SeaMonkey\components [C:\PROGRAM FILES\MOZILLA.ORG\SEAMONKEY\COMPONENTS] -> [2011/11/23 10:26:03 | 000,000,000 | ---D | M]

HKLM\software\mozilla\SeaMonkey 1.1\Extensions\\Plugins -> C:\Program Files\mozilla.org\SeaMonkey\plugins [C:\PROGRAM FILES\MOZILLA.ORG\SEAMONKEY\PLUGINS] -> [2010/06/03 20:25:36 | 000,000,000 | ---D | M]

< FireFox Extensions [User Folders] > -> 

  -> C:\Documents and Settings\Robbie and Laura\Application Data\Mozilla\Extensions -> [2011/04/28 21:05:04 | 000,000,000 | ---D | M]

No name found   -> C:\Documents and Settings\Robbie and Laura\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a} -> [2010/02/14 07:49:15 | 000,000,000 | ---D | M]

  -> C:\Documents and Settings\Robbie and Laura\Application Data\Mozilla\SeaMonkey\Profiles\emn2lecz.default\extensions -> [2010/02/14 07:49:15 | 000,000,000 | ---D | M]

Hosts file not found -> -> 

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/01/12 20:38:22 | 000,063,128 | ---- | M] (Adobe Systems Incorporated)

{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)

{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> [2005/09/08 05:20:00 | 000,110,652 | ---- | M] (Sonic Solutions)

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [Google Toolbar Notifier BHO] -> [2009/03/24 11:13:59 | 000,668,656 | ---- | M] (Google Inc.)

{BFE4B5CB-63F7-4A51-9266-6167655D5B4F} [HKLM] -> C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll [Dogpile Bundle Toolbar BHO] -> [2011/04/28 21:05:48 | 001,534,976 | ---- | M] ()

{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKLM] -> C:\Program Files\BAE\BAE.dll [CBrowserHelperObject Object] -> [2006/11/17 04:46:38 | 000,098,304 | ---- | M] (Dell Inc.)

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}" [HKLM] -> C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll [Dogpile Bundle Toolbar] -> [2011/04/28 21:05:48 | 001,534,976 | ---- | M] ()

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 

ShellBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

WebBrowser\\"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

WebBrowser\\"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}" [HKLM] -> C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll [Dogpile Bundle Toolbar] -> [2011/04/28 21:05:48 | 001,534,976 | ---- | M] ()

WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

"DLA" -> C:\WINDOWS\system32\DLA\DLACTRLW.EXE [C:\WINDOWS\System32\DLA\DLACTRLW.EXE] -> [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions)

"DMXLauncher" -> C:\Program Files\Dell\Media Experience\DMXLauncher.exe [C:\Program Files\Dell\Media Experience\DMXLauncher.exe] -> [2005/10/05 03:12:00 | 000,094,208 | ---- | M] ()

"IAAnotif" -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe] -> [2006/07/06 07:15:00 | 000,151,552 | ---- | M] (Intel Corporation)

"Lexmark X6100 Series" -> C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe ["C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"] -> [2003/09/23 00:01:39 | 000,057,344 | ---- | M] (Lexmark International, Inc.)

"Malwarebytes' Anti-Malware" -> C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray] -> [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation)

"Motive SmartBridge" ->  [C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe] -> File not found

"Nikon Transfer Monitor" -> C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe] -> [2009/02/24 16:00:26 | 000,479,232 | ---- | M] (Nikon Corporation)

"SigmatelSysTrayApp" -> C:\WINDOWS\stsystra.exe [stsystra.exe] -> [2006/07/24 10:20:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.)

"SMSERIAL" -> C:\WINDOWS\sm56hlpr.exe [sm56hlpr.exe] -> [2004/12/28 16:01:00 | 000,544,768 | R--- | M] (Motorola Inc.)

"Symantec PIF AlertEng" ->  ["C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"] -> File not found

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

"SpybotSD TeaTimer" -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)

"Uniblue RegistryBooster2" ->  [C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S] -> File not found

"updateMgr" -> C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1] -> [2006/03/30 16:45:08 | 000,313,472 | R--- | M] (Adobe Systems Incorporated)

"Weather" ->  [C:\Program Files\AWS\WeatherBug\Weather.exe 1] -> File not found

"Yahoo! Pager" ->  [1] -> File not found

< RunOnce [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 

"SpybotDeletingD7723" -> C:\WINDOWS\System32\cmd.exe [cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"] -> [2008/04/13 18:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation)

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2005/09/23 22:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated)

< Robbie and Laura Startup Folder > -> C:\Documents and Settings\Robbie and Laura\Start Menu\Programs\Startup -> 

C:\Documents and Settings\Robbie and Laura\Start Menu\Programs\Startup\HughesNetStatusMeter.lnk ->  -> File not found

C:\Documents and Settings\Robbie and Laura\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe -> [2010/05/20 12:14:28 | 001,195,008 | ---- | M] ()

< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 

HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Recovery

\Recovery\\"NoReopenLastSession" ->  [1] -> File not found

< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"HonorAutoRunSetting" ->  [1] -> File not found

\\"NoCDBurning" ->  [0] -> File not found

< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

\\"InstallVisualStyle" -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> [2004/08/10 03:39:00 | 001,347,728 | ---- | M] (Microsoft)

\\"InstallTheme" -> C:\WINDOWS\Resources\Themes\Royale.Theme [C:\WINDOWS\Resources\Themes\Royale.theme] -> [2004/07/28 02:03:28 | 000,001,293 | ---- | M] ()

< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveTypeAutoRun" ->  [0] -> File not found

< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix

"" -> http://

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=39204 [Windows Genuine Advantage Validation Tool] -> 

{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169728736390 [WUWebControl Class] -> 

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] -> 

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] -> 

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] -> 

Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab [Reg Error: Key error.] -> 

< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 

DhcpNameServer -> 209.142.152.254 64.91.3.46 0.0.0.0 -> 

< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{47B59E28-AF78-409A-A31A-BAD03C227169}\\DhcpNameServer -> 209.142.152.254 64.91.3.46 0.0.0.0   (Intel(R) 82562V 10/100 Network Connection) -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 

Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> -> 

*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 

C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> -> 

< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 

< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 

"C:\Doom2\Legacy.exe" -> C:\Doom2\Legacy.exe [C:\Doom2\Legacy.exe:*:Enabled:Legacy] -> [2004/04/18 22:36:00 | 000,978,999 | ---- | M] ()

"C:\Program Files\Dogpile Bundle Toolbar\ToolbarUpdate.exe" -> C:\Program Files\Dogpile Bundle Toolbar\ToolbarUpdate.exe [C:\Program Files\Dogpile Bundle Toolbar\ToolbarUpdate.exe:*:Enabled:Dogpile Bundle Toolbar (Update)] -> [2009/06/25 17:54:08 | 000,143,496 | ---- | M] (FreeCause Inc.)

"C:\Program Files\Dogpile Bundle Toolbar\TroubleShooter.exe" -> C:\Program Files\Dogpile Bundle Toolbar\TroubleShooter.exe [C:\Program Files\Dogpile Bundle Toolbar\TroubleShooter.exe:*:Enabled:Dogpile Bundle Toolbar (Helper)] -> [2010/10/08 23:17:30 | 000,102,296 | ---- | M] (FreeCause Inc.)

"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe" ->  [C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0] -> File not found

< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 

< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->

"AutoRun" -> 1 -> 

"DisplayName" -> CD-ROM Driver -> 

"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found

< Drives with AutoRun files > ->  -> 

C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2005/08/16 04:43:04 | 000,000,000 | ---- | M] ()

< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 

\{361ac05d-0e0d-11da-9aa9-806d6172696f}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell

\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\\"" ->  [AutoRun] -> File not found

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun

\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command

\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command\\"" ->  [E:\setup.exe] -> File not found

\{74cfccd7-f7da-11df-b717-000c432177ce}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74cfccd7-f7da-11df-b717-000c432177ce}\Shell

\{74cfccd7-f7da-11df-b717-000c432177ce}\Shell\\"" ->  [AutoRun] -> File not found

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74cfccd7-f7da-11df-b717-000c432177ce}\Shell\AutoRun

\{74cfccd7-f7da-11df-b717-000c432177ce}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74cfccd7-f7da-11df-b717-000c432177ce}\Shell\AutoRun\command

\{74cfccd7-f7da-11df-b717-000c432177ce}\Shell\AutoRun\command\\"" ->  [E:\VZAccess_Manager.exe /z detect] -> File not found

\{74cfccda-f7da-11df-b717-000c432177ce}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74cfccda-f7da-11df-b717-000c432177ce}\Shell

\{74cfccda-f7da-11df-b717-000c432177ce}\Shell\\"" ->  [AutoRun] -> File not found

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74cfccda-f7da-11df-b717-000c432177ce}\Shell\AutoRun

\{74cfccda-f7da-11df-b717-000c432177ce}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74cfccda-f7da-11df-b717-000c432177ce}\Shell\AutoRun\command

\{74cfccda-f7da-11df-b717-000c432177ce}\Shell\AutoRun\command\\"" ->  [E:\VZAccess_Manager.exe /z detect] -> File not found

\{7a6b407e-ad8c-11db-a329-001676e256eb}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a6b407e-ad8c-11db-a329-001676e256eb}\Shell\AutoRun\command

\{7a6b407e-ad8c-11db-a329-001676e256eb}\Shell\AutoRun\command\\"" ->  [PortableApps\PortableAppsMenu\PortableAppsMenu.exe] -> File not found

\{a0ab27e1-ac21-11db-a326-001676e256eb}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0ab27e1-ac21-11db-a326-001676e256eb}\Shell\AutoRun\command

\{a0ab27e1-ac21-11db-a326-001676e256eb}\Shell\AutoRun\command\\"" ->  [E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe] -> File not found

\{e8994cf8-7aae-11dc-a387-8c0c27d79e82}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8994cf8-7aae-11dc-a387-8c0c27d79e82}\Shell

\{e8994cf8-7aae-11dc-a387-8c0c27d79e82}\Shell\\"" ->  [AutoRun] -> File not found

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8994cf8-7aae-11dc-a387-8c0c27d79e82}\Shell\AutoRun

\{e8994cf8-7aae-11dc-a387-8c0c27d79e82}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8994cf8-7aae-11dc-a387-8c0c27d79e82}\Shell\AutoRun\command

\{e8994cf8-7aae-11dc-a387-8c0c27d79e82}\Shell\AutoRun\command\\"" ->  [E:\LaunchU3.exe -a] -> File not found

< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 

comfile [open] -> "%1" %* -> 

exefile [open] -> "%1" %* -> 

< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 

.com [@ = comfile] -> "%1" %* -> 

.exe [@ = exefile] -> "%1" %* -> 

 

 

[Files/Folders - Created Within 30 Days]

 virus fix -> C:\Documents and Settings\Robbie and Laura\Desktop\virus fix -> [2011/11/30 18:08:16 | 000,000,000 | ---D | C]

 Kevin Trudeau-25 Secrets to Wealth Creation -> C:\Documents and Settings\Robbie and Laura\Desktop\Kevin Trudeau-25 Secrets to Wealth Creation -> [2011/11/30 10:01:27 | 000,000,000 | ---D | C]

 Flash Forward -> C:\Documents and Settings\Robbie and Laura\Desktop\Flash Forward -> [2011/11/30 09:57:27 | 000,000,000 | ---D | C]

 Malwarebytes -> C:\Documents and Settings\Robbie and Laura\Application Data\Malwarebytes -> [2011/11/28 11:45:04 | 000,000,000 | ---D | C]

 Malwarebytes' Anti-Malware -> C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2011/11/28 11:44:54 | 000,000,000 | ---D | C]

 Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2011/11/28 11:44:53 | 000,000,000 | ---D | C]

 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2011/11/28 11:44:49 | 000,022,216 | ---- | C] (Malwarebytes Corporation)

 Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2011/11/28 11:44:49 | 000,000,000 | ---D | C]

 mbam-setup-1.51.2.1300.exe -> C:\Documents and Settings\Robbie and Laura\Desktop\mbam-setup-1.51.2.1300.exe -> [2011/11/28 11:41:05 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    )

 FCTB000060231 -> C:\Documents and Settings\NetworkService\Application Data\FCTB000060231 -> [2011/11/24 00:25:29 | 000,000,000 | ---D | C]

 %APPDATA% -> C:\WINDOWS\System32\%APPDATA% -> [2011/11/23 23:55:57 | 000,000,000 | ---D | C]

 Google Earth -> C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth -> [2011/11/23 23:34:02 | 000,000,000 | ---D | C]

 FCTB000060231 -> C:\Documents and Settings\Robbie and Laura\Application Data\FCTB000060231 -> [2011/11/23 22:24:38 | 000,000,000 | ---D | C]

 Dogpile Bundle Toolbar -> C:\Program Files\Dogpile Bundle Toolbar -> [2011/11/23 22:24:29 | 000,000,000 | ---D | C]

 Dogpile Bundle Toolbar -> C:\Documents and Settings\Robbie and Laura\Start Menu\Programs\Dogpile Bundle Toolbar -> [2011/11/23 22:24:29 | 000,000,000 | ---D | C]

 Recent -> C:\Documents and Settings\Robbie and Laura\Recent -> [2011/11/23 22:22:02 | 000,000,000 | RH-D | C]

 Virtools -> C:\Program Files\Virtools -> [2011/11/23 22:18:50 | 000,000,000 | ---D | C]

 HP -> C:\Program Files\Common Files\HP -> [2011/11/23 22:18:48 | 000,000,000 | ---D | C]

 Costco Photo Organizer -> C:\Documents and Settings\All Users\Start Menu\Programs\Costco Photo Organizer -> [2011/11/23 22:18:48 | 000,000,000 | ---D | C]

 Costco -> C:\Program Files\Costco -> [2011/11/23 22:18:48 | 000,000,000 | ---D | C]

 ExpressPCB -> C:\Documents and Settings\Robbie and Laura\Start Menu\Programs\ExpressPCB -> [2011/11/23 22:18:43 | 000,000,000 | ---D | C]

 VXIPNP -> C:\VXIPNP -> [2011/11/23 22:18:42 | 000,000,000 | ---D | C]

 NDW -> C:\Program Files\NDW -> [2011/11/23 22:18:42 | 000,000,000 | ---D | C]

 National Instruments -> C:\Program Files\National Instruments -> [2011/11/23 22:18:41 | 000,000,000 | ---D | C]

 Nvu -> C:\Documents and Settings\All Users\Start Menu\Programs\Nvu -> [2011/11/23 22:18:20 | 000,000,000 | ---D | C]

 Nvu -> C:\Program Files\Nvu -> [2011/11/23 22:18:12 | 000,000,000 | ---D | C]

 PCB123 V2 -> C:\Documents and Settings\All Users\Start Menu\Programs\PCB123 V2 -> [2011/11/23 22:18:03 | 000,000,000 | ---D | C]

 Portal -> C:\Documents and Settings\Robbie and Laura\Start Menu\Programs\Portal -> [2011/11/23 22:17:50 | 000,000,000 | ---D | C]

 Novatel Wireless -> C:\Program Files\Novatel Wireless -> [2011/11/23 22:17:46 | 000,000,000 | ---D | C]

 JumpStart Spy Masters -> C:\Program Files\JumpStart Spy Masters -> [2011/11/23 22:17:46 | 000,000,000 | ---D | C]

 Verizon Wireless -> C:\Program Files\Verizon Wireless -> [2011/11/23 22:17:41 | 000,000,000 | ---D | C]

 TiVo Shared -> C:\Program Files\Common Files\TiVo Shared -> [2011/11/23 22:17:29 | 000,000,000 | ---D | C]

 Roxio -> C:\Documents and Settings\All Users\Start Menu\Programs\Roxio -> [2011/11/23 22:17:17 | 000,000,000 | ---D | C]

 RcCAD_V2 -> C:\Documents and Settings\Robbie and Laura\Start Menu\Programs\RcCAD_V2 -> [2011/11/23 22:17:10 | 000,000,000 | ---D | C]

 DLA -> C:\WINDOWS\System32\DLA -> [2011/11/23 22:17:10 | 000,000,000 | ---D | C]

 Macromedia -> C:\Documents and Settings\NetworkService\Application Data\Macromedia -> [2011/11/23 10:37:39 | 000,000,000 | ---D | C]

 Adobe -> C:\Documents and Settings\NetworkService\Application Data\Adobe -> [2011/11/23 10:37:09 | 000,000,000 | ---D | C]

 4C0CA -> C:\Documents and Settings\Robbie and Laura\Application Data\4C0CA -> [2011/11/22 23:58:08 | 000,000,000 | ---D | C]

 LP -> C:\Program Files\LP -> [2011/11/22 23:58:04 | 000,000,000 | ---D | C]

 Config.Msi -> C:\Config.Msi -> [2011/11/18 22:35:21 | 000,000,000 | ---D | C]

 GUTILS.DLL -> C:\Program Files\GUTILS.DLL -> [2009/09/27 08:17:46 | 000,042,256 | ---- | C] (Microsoft Corporation)

 WINDIFF.EXE -> C:\Program Files\WINDIFF.EXE -> [2009/09/27 08:04:37 | 000,089,360 | ---- | C] (Microsoft Corporation)

 BulkFileRenamer.exe -> C:\Program Files\BulkFileRenamer.exe -> [2009/09/27 08:02:26 | 000,356,352 | ---- | C] (Bexonsoft)

 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

 

[Files/Folders - Modified Within 30 Days]

 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2011/11/30 17:31:17 | 000,002,206 | ---- | M] ()

 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2011/11/30 17:30:50 | 000,002,048 | --S- | M] ()

 QTW.INI -> C:\WINDOWS\QTW.INI -> [2011/11/29 21:12:26 | 000,000,390 | ---- | M] ()

 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Robbie and Laura\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/11/29 21:12:17 | 000,100,352 | ---- | M] ()

 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/11/28 11:44:54 | 000,000,784 | ---- | M] ()

 mbam-setup-1.51.2.1300.exe -> C:\Documents and Settings\Robbie and Laura\Desktop\mbam-setup-1.51.2.1300.exe -> [2011/11/28 11:41:58 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    )

 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2011/11/27 13:00:33 | 000,004,625 | ---- | M] ()

 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2011/11/27 13:00:32 | 000,405,310 | ---- | M] ()

 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2011/11/27 13:00:32 | 000,063,860 | ---- | M] ()

 iis6.BAK -> C:\WINDOWS\iis6.BAK -> [2011/11/27 12:59:46 | 002,017,114 | ---- | M] ()

 Lsrp4F7H.exe.b -> C:\Documents and Settings\All Users\Application Data\Lsrp4F7H.exe.b -> [2011/11/24 08:30:26 | 000,000,000 | ---- | M] ()

 Google Earth.lnk -> C:\Documents and Settings\All Users\Desktop\Google Earth.lnk -> [2011/11/23 23:34:02 | 000,001,915 | ---- | M] ()

 d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2011/11/23 16:10:52 | 000,000,664 | ---- | M] ()

 Google Chrome.lnk -> C:\Documents and Settings\Robbie and Laura\Desktop\Google Chrome.lnk -> [2011/11/23 12:34:58 | 000,002,365 | ---- | M] ()

 Google Chrome.lnk -> C:\Documents and Settings\Robbie and Laura\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> [2011/11/23 12:34:58 | 000,002,343 | ---- | M] ()

 Rbe68o.com.b -> C:\WINDOWS\System32\Rbe68o.com.b -> [2011/11/23 11:30:59 | 000,000,000 | ---- | M] ()

 CWKxWKM.dat -> C:\Documents and Settings\All Users\Application Data\CWKxWKM.dat -> [2011/11/23 11:30:46 | 000,000,112 | ---- | M] ()

 Rbe68o.com_ -> C:\WINDOWS\System32\Rbe68o.com_ -> [2011/11/23 11:30:44 | 000,112,128 | ---- | M] ()

 Rbe68o.com -> C:\WINDOWS\System32\Rbe68o.com -> [2011/11/23 11:30:44 | 000,112,128 | ---- | M] ()

 Lsrp4F7H.exe -> C:\Documents and Settings\All Users\Application Data\Lsrp4F7H.exe -> [2011/11/23 11:30:44 | 000,112,128 | ---- | M] ()

 tOhACewhlMPU0V -> C:\Documents and Settings\All Users\Application Data\tOhACewhlMPU0V -> [2011/11/18 14:02:34 | 000,000,432 | ---- | M] ()

 ~tOhACewhlMPU0V -> C:\Documents and Settings\All Users\Application Data\~tOhACewhlMPU0V -> [2011/11/18 14:01:44 | 000,000,304 | ---- | M] ()

 ~tOhACewhlMPU0Vr -> C:\Documents and Settings\All Users\Application Data\~tOhACewhlMPU0Vr -> [2011/11/18 14:01:44 | 000,000,232 | ---- | M] ()

 Document.rtf -> C:\Documents and Settings\Robbie and Laura\Desktop\Document.rtf -> [2011/11/02 22:26:28 | 000,001,192 | ---- | M] ()

 6 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 

 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

 15 C:\Documents and Settings\Robbie and Laura\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Robbie and Laura\Local Settings\Temp\*.tmp -> 

 15 C:\Documents and Settings\Robbie and Laura\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Robbie and Laura\Local Settings\Temp\*.tmp -> 

 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

 

[Files - No Company Name]

 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/11/28 11:44:54 | 000,000,784 | ---- | C] ()

 Lsrp4F7H.exe -> C:\Documents and Settings\All Users\Application Data\Lsrp4F7H.exe -> [2011/11/24 08:30:26 | 000,112,128 | ---- | C] ()

 Lsrp4F7H.exe.b -> C:\Documents and Settings\All Users\Application Data\Lsrp4F7H.exe.b -> [2011/11/24 08:30:26 | 000,000,000 | ---- | C] ()

 Rbe68o.com -> C:\WINDOWS\System32\Rbe68o.com -> [2011/11/24 07:25:13 | 000,112,128 | ---- | C] ()

 Google Earth.lnk -> C:\Documents and Settings\All Users\Desktop\Google Earth.lnk -> [2011/11/23 23:34:02 | 000,001,915 | ---- | C] ()

 Rbe68o.com.b -> C:\WINDOWS\System32\Rbe68o.com.b -> [2011/11/23 11:30:59 | 000,000,000 | ---- | C] ()

 CWKxWKM.dat -> C:\Documents and Settings\All Users\Application Data\CWKxWKM.dat -> [2011/11/23 10:52:19 | 000,000,112 | ---- | C] ()

 Rbe68o.com_ -> C:\WINDOWS\System32\Rbe68o.com_ -> [2011/11/23 10:52:18 | 000,112,128 | ---- | C] ()

 ~tOhACewhlMPU0V -> C:\Documents and Settings\All Users\Application Data\~tOhACewhlMPU0V -> [2011/11/18 14:01:44 | 000,000,304 | ---- | C] ()

 ~tOhACewhlMPU0Vr -> C:\Documents and Settings\All Users\Application Data\~tOhACewhlMPU0Vr -> [2011/11/18 14:01:44 | 000,000,232 | ---- | C] ()

 tOhACewhlMPU0V -> C:\Documents and Settings\All Users\Application Data\tOhACewhlMPU0V -> [2011/11/18 14:01:37 | 000,000,432 | ---- | C] ()

 Document.rtf -> C:\Documents and Settings\Robbie and Laura\Desktop\Document.rtf -> [2011/11/02 22:26:28 | 000,001,192 | ---- | C] ()

 {6B159C1D-B946-44EF-BEDA-8A31FBDDE4C4} -> C:\Documents and Settings\Robbie and Laura\Local Settings\Application Data\{6B159C1D-B946-44EF-BEDA-8A31FBDDE4C4} -> [2011/10/21 06:52:51 | 000,000,000 | ---- | C] ()

 {BFC79665-6DF0-4204-B804-3D30D30FFAFB} -> C:\Documents and Settings\Robbie and Laura\Local Settings\Application Data\{BFC79665-6DF0-4204-B804-3D30D30FFAFB} -> [2011/09/04 05:56:08 | 000,000,000 | ---- | C] ()

 User Pictures -> C:\Documents and Settings\All Users\Application Data\User Pictures -> [2010/06/03 20:28:11 | 000,000,268 | RH-- | C] ()

 Trumpet Section -> C:\Documents and Settings\Robbie and Laura\Application Data\Trumpet Section -> [2010/06/03 20:28:11 | 000,000,268 | RH-- | C] ()

 PKP_DLdw.DAT -> C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT -> [2010/06/03 20:28:11 | 000,000,020 | -H-- | C] ()

 Work - Home -> C:\Documents and Settings\All Users\Application Data\Work - Home -> [2010/06/03 20:28:11 | 000,000,012 | RH-- | C] ()

 SeaMonkeyUninstall.exe -> C:\WINDOWS\SeaMonkeyUninstall.exe -> [2010/02/14 09:00:17 | 000,118,784 | ---- | C] ()

 RaCoInst.dat -> C:\WINDOWS\System32\RaCoInst.dat -> [2010/01/02 15:27:14 | 000,013,931 | R--- | C] ()

 d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2009/11/17 16:28:53 | 000,000,664 | ---- | C] ()

 Softy.exe -> C:\Program Files\Softy.exe -> [2009/09/27 08:03:55 | 000,250,816 | ---- | C] ()

 Screen Shoot-It.exe -> C:\Program Files\Screen Shoot-It.exe -> [2009/09/27 08:03:35 | 000,658,944 | ---- | C] ()

 ListFonts.exe -> C:\Program Files\ListFonts.exe -> [2009/09/27 08:03:09 | 000,329,728 | ---- | C] ()

 URLs -> C:\Documents and Settings\All Users\Application Data\URLs -> [2009/02/04 21:37:32 | 000,000,268 | RH-- | C] ()

 Tremolo -> C:\Documents and Settings\Robbie and Laura\Application Data\Tremolo -> [2009/02/04 21:37:32 | 000,000,268 | RH-- | C] ()

 PKP_DLdu.DAT -> C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT -> [2009/02/04 21:37:32 | 000,000,020 | -H-- | C] ()

 WebServer -> C:\Documents and Settings\All Users\Application Data\WebServer -> [2009/02/04 21:37:32 | 000,000,012 | RH-- | C] ()

 Systemdrv.sys -> C:\WINDOWS\System32\Systemdrv.sys -> [2008/12/05 18:34:41 | 000,000,014 | ---- | C] ()

 AVSDVDPlayer.m3u -> C:\Documents and Settings\Robbie and Laura\Application Data\AVSDVDPlayer.m3u -> [2008/12/02 23:47:09 | 000,000,000 | -H-- | C] ()

 xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2008/12/02 23:08:19 | 000,524,288 | ---- | C] ()

 xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2008/12/02 23:08:19 | 000,139,264 | ---- | C] ()

 Unwise.exe -> C:\WINDOWS\Unwise.exe -> [2008/10/15 21:08:38 | 000,030,048 | ---- | C] ()

 d3d8caps.dat -> C:\WINDOWS\System32\d3d8caps.dat -> [2008/09/14 19:48:45 | 000,000,552 | ---- | C] ()

 netdet.ini -> C:\WINDOWS\netdet.ini -> [2008/06/01 00:21:32 | 000,000,082 | ---- | C] ()

 uninstwuwservice.exe -> C:\WINDOWS\System32\uninstwuwservice.exe -> [2008/06/01 00:21:24 | 000,121,285 | ---- | C] ()

 unins000.exe -> C:\WINDOWS\unins000.exe -> [2008/06/01 00:21:23 | 000,678,682 | ---- | C] ()

 unins000.dat -> C:\WINDOWS\unins000.dat -> [2008/06/01 00:21:23 | 000,000,960 | ---- | C] ()

 sm56spn.dll -> C:\WINDOWS\sm56spn.dll -> [2008/03/18 13:01:10 | 000,065,536 | R--- | C] ()

 sm56itl.dll -> C:\WINDOWS\sm56itl.dll -> [2008/03/18 13:01:10 | 000,065,536 | R--- | C] ()

 sm56ger.dll -> C:\WINDOWS\sm56ger.dll -> [2008/03/18 13:01:10 | 000,065,536 | R--- | C] ()

 sm56fra.dll -> C:\WINDOWS\sm56fra.dll -> [2008/03/18 13:01:10 | 000,065,536 | R--- | C] ()

 sm56eng.dll -> C:\WINDOWS\sm56eng.dll -> [2008/03/18 13:01:10 | 000,065,536 | R--- | C] ()

 sm56brz.dll -> C:\WINDOWS\sm56brz.dll -> [2008/03/18 13:01:10 | 000,065,536 | R--- | C] ()

 sm56jpn.dll -> C:\WINDOWS\sm56jpn.dll -> [2008/03/18 13:01:10 | 000,049,152 | R--- | C] ()

 sm56cht.dll -> C:\WINDOWS\sm56cht.dll -> [2008/03/18 13:01:10 | 000,045,056 | R--- | C] ()

 sm56chs.dll -> C:\WINDOWS\sm56chs.dll -> [2008/03/18 13:01:10 | 000,045,056 | R--- | C] ()

 eReg.dat -> C:\WINDOWS\eReg.dat -> [2008/03/06 21:04:23 | 000,000,740 | ---- | C] ()

 UAService7.exe -> C:\WINDOWS\System32\UAService7.exe -> [2008/03/06 20:20:49 | 000,126,976 | ---- | C] ()

 PowerReg.dat -> C:\WINDOWS\PowerReg.dat -> [2008/02/21 08:29:49 | 000,000,000 | ---- | C] ()

 PCB123.INI -> C:\WINDOWS\PCB123.INI -> [2007/11/12 16:23:46 | 000,000,000 | ---- | C] ()

 NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2007/11/06 22:34:16 | 000,000,047 | ---- | C] ()

 CADSTD.INI -> C:\WINDOWS\CADSTD.INI -> [2007/10/17 17:42:13 | 000,000,294 | ---- | C] ()

 SOFTEK.INI -> C:\WINDOWS\SOFTEK.INI -> [2007/10/14 17:41:14 | 000,000,221 | ---- | C] ()

 Creator.INI -> C:\WINDOWS\Creator.INI -> [2007/10/03 13:00:48 | 000,000,253 | ---- | C] ()

 wklnhst.dat -> C:\Documents and Settings\Robbie and Laura\Application Data\wklnhst.dat -> [2007/09/15 01:00:47 | 000,034,610 | -H-- | C] ()

 dvd.bmk -> C:\Documents and Settings\Robbie and Laura\Application Data\dvd.bmk -> [2007/07/16 14:49:38 | 000,069,632 | -H-- | C] ()

 d3dx.dat -> C:\WINDOWS\d3dx.dat -> [2007/07/13 10:49:20 | 000,004,096 | ---- | C] ()

 jautoexp.dat -> C:\WINDOWS\jautoexp.dat -> [2007/07/08 12:11:00 | 000,006,550 | ---- | C] ()

 QTW.INI -> C:\WINDOWS\QTW.INI -> [2007/06/01 17:09:46 | 000,000,390 | ---- | C] ()

 PDDLLW32.DLL -> C:\WINDOWS\System32\PDDLLW32.DLL -> [2007/04/16 09:46:33 | 000,240,128 | ---- | C] ()

 redllw32.dll -> C:\WINDOWS\System32\redllw32.dll -> [2007/04/16 09:46:32 | 000,455,168 | ---- | C] ()

 vidx16.dll -> C:\WINDOWS\System32\vidx16.dll -> [2007/04/13 14:38:23 | 000,010,240 | ---- | C] ()

 QTSBandwidthCache -> C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache -> [2007/03/06 08:43:14 | 000,002,903 | -H-- | C] ()

 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Robbie and Laura\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2007/03/03 17:07:20 | 000,100,352 | ---- | C] ()

 iplayer.INI -> C:\WINDOWS\iplayer.INI -> [2007/02/17 17:38:17 | 000,000,164 | ---- | C] ()

 OggDSuninst.exe -> C:\WINDOWS\System32\OggDSuninst.exe -> [2007/02/17 14:26:44 | 000,036,697 | ---- | C] ()

 ka.ini -> C:\WINDOWS\ka.ini -> [2007/02/08 07:32:58 | 000,000,336 | ---- | C] ()

 popcinfo.dat -> C:\WINDOWS\popcinfo.dat -> [2007/01/31 19:55:08 | 000,000,016 | ---- | C] ()

 KGyGaAvL.sys -> C:\WINDOWS\System32\KGyGaAvL.sys -> [2007/01/25 14:36:46 | 000,002,516 | -HS- | C] ()

 58BAB6BAC6.sys -> C:\WINDOWS\System32\58BAB6BAC6.sys -> [2007/01/25 14:36:46 | 000,000,088 | RHS- | C] ()

 nsreg.dat -> C:\WINDOWS\nsreg.dat -> [2007/01/24 22:37:16 | 000,000,335 | ---- | C] ()

 GREUninstall.exe -> C:\WINDOWS\GREUninstall.exe -> [2007/01/24 22:37:08 | 000,118,784 | ---- | C] ()

 mozver.dat -> C:\WINDOWS\mozver.dat -> [2007/01/24 22:37:06 | 000,010,627 | ---- | C] ()

 lexstat.ini -> C:\WINDOWS\lexstat.ini -> [2007/01/24 21:26:03 | 000,000,552 | ---- | C] ()

 fusioncache.dat -> C:\Documents and Settings\Robbie and Laura\Local Settings\Application Data\fusioncache.dat -> [2007/01/24 21:18:58 | 000,000,139 | ---- | C] ()

 smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2006/11/28 09:11:37 | 000,000,061 | ---- | C] ()

 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2006/11/28 09:03:58 | 000,000,376 | ---- | C] ()

 wininit.ini -> C:\WINDOWS\wininit.ini -> [2006/11/28 08:59:17 | 000,003,135 | ---- | C] ()

 setpwrcg.exe -> C:\WINDOWS\setpwrcg.exe -> [2006/11/28 08:31:17 | 000,049,152 | ---- | C] ()

 igmedkrn.dll -> C:\WINDOWS\System32\igmedkrn.dll -> [2006/11/28 08:31:05 | 000,348,880 | ---- | C] ()

 igfxCoIn_v4642.dll -> C:\WINDOWS\System32\igfxCoIn_v4642.dll -> [2006/11/28 08:31:05 | 000,192,512 | ---- | C] ()

 OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2006/11/28 08:29:23 | 000,000,392 | ---- | C] ()

 px.ini -> C:\WINDOWS\System32\px.ini -> [2005/11/10 01:56:34 | 000,000,000 | ---- | C] ()

 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2005/08/16 04:48:31 | 000,002,048 | --S- | C] ()

 emptyregdb.dat -> C:\WINDOWS\System32\emptyregdb.dat -> [2005/08/16 04:38:45 | 000,021,640 | ---- | C] ()

 fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2005/08/16 04:37:24 | 000,001,793 | ---- | C] ()

 ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2005/08/16 04:33:38 | 000,004,161 | ---- | C] ()

 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2005/08/16 04:27:59 | 000,298,048 | ---- | C] ()

 secupd.dat -> C:\WINDOWS\System32\secupd.dat -> [2005/08/16 04:18:35 | 000,004,569 | ---- | C] ()

 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2005/08/16 04:18:33 | 000,405,310 | ---- | C] ()

 perfi009.dat -> C:\WINDOWS\System32\perfi009.dat -> [2005/08/16 04:18:33 | 000,272,128 | ---- | C] ()

 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2005/08/16 04:18:33 | 000,063,860 | ---- | C] ()

 perfd009.dat -> C:\WINDOWS\System32\perfd009.dat -> [2005/08/16 04:18:33 | 000,028,626 | ---- | C] ()

 oembios.dat -> C:\WINDOWS\System32\oembios.dat -> [2005/08/16 04:18:32 | 000,004,627 | ---- | C] ()

 oembios.bin -> C:\WINDOWS\System32\oembios.bin -> [2005/08/16 04:18:30 | 013,107,200 | ---- | C] ()

 noise.dat -> C:\WINDOWS\System32\noise.dat -> [2005/08/16 04:18:28 | 000,000,741 | ---- | C] ()

 mlang.dat -> C:\WINDOWS\System32\mlang.dat -> [2005/08/16 04:18:23 | 000,673,088 | ---- | C] ()

 mib.bin -> C:\WINDOWS\System32\mib.bin -> [2005/08/16 04:18:23 | 000,046,258 | ---- | C] ()

 dssec.dat -> C:\WINDOWS\System32\dssec.dat -> [2005/08/16 04:18:15 | 000,218,003 | ---- | C] ()

 dcache.bin -> C:\WINDOWS\System32\dcache.bin -> [2005/08/16 04:18:08 | 000,001,804 | ---- | C] ()

 psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2005/08/05 14:01:54 | 000,239,104 | ---- | C] ()

 LXBFIH.EXE -> C:\WINDOWS\System32\LXBFIH.EXE -> [2003/09/22 23:58:20 | 000,086,016 | ---- | C] ()

 LXBFLCNP.DLL -> C:\WINDOWS\System32\LXBFLCNP.DLL -> [2003/09/22 23:48:43 | 000,077,824 | ---- | C] ()

 OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2003/01/07 15:05:08 | 000,002,695 | ---- | C] ()

 lxbfvs.dll -> C:\WINDOWS\System32\lxbfvs.dll -> [2002/11/13 13:40:22 | 000,040,960 | ---- | C] ()

 OggDS.dll -> C:\WINDOWS\System32\OggDS.dll -> [2002/09/29 05:24:22 | 000,192,512 | ---- | C] ()

 vorbisenc.dll -> C:\WINDOWS\System32\vorbisenc.dll -> [2002/09/29 05:23:16 | 000,921,600 | ---- | C] ()

 vorbis.dll -> C:\WINDOWS\System32\vorbis.dll -> [2002/09/29 05:23:14 | 000,188,416 | ---- | C] ()

 ogg.dll -> C:\WINDOWS\System32\ogg.dll -> [2002/09/29 05:23:07 | 000,045,056 | ---- | C] ()

 lxbfcoin.ini -> C:\WINDOWS\System32\lxbfcoin.ini -> [2002/09/04 12:42:38 | 000,000,188 | ---- | C] ()

 mciwa16.dll -> C:\WINDOWS\System32\mciwa16.dll -> [2002/01/25 08:04:50 | 000,005,440 | ---- | C] ()

 pspsbext.ini -> C:\WINDOWS\System32\pspsbext.ini -> [2002/01/25 08:04:50 | 000,000,221 | ---- | C] ()

 pspfidrv.ini -> C:\WINDOWS\System32\pspfidrv.ini -> [2002/01/25 08:04:50 | 000,000,221 | ---- | C] ()

 pspfbase.ini -> C:\WINDOWS\System32\pspfbase.ini -> [2002/01/25 08:04:50 | 000,000,221 | ---- | C] ()

 pspaudrv.ini -> C:\WINDOWS\System32\pspaudrv.ini -> [2002/01/25 08:04:50 | 000,000,221 | ---- | C] ()

 pspapdrv.ini -> C:\WINDOWS\System32\pspapdrv.ini -> [2002/01/25 08:04:50 | 000,000,221 | ---- | C] ()

 mciwaw95.ini -> C:\WINDOWS\System32\mciwaw95.ini -> [2002/01/25 08:04:50 | 000,000,221 | ---- | C] ()

 mcipspwa.ini -> C:\WINDOWS\System32\mcipspwa.ini -> [2002/01/25 08:04:50 | 000,000,221 | ---- | C] ()

 mcipspct.ini -> C:\WINDOWS\System32\mcipspct.ini -> [2002/01/25 08:04:50 | 000,000,221 | ---- | C] ()

 pspwave.ini -> C:\WINDOWS\System32\pspwave.ini -> [2002/01/25 08:04:50 | 000,000,220 | ---- | C] ()

 pspdss.ini -> C:\WINDOWS\System32\pspdss.ini -> [2002/01/25 08:04:50 | 000,000,219 | ---- | C] ()

 pspddi.ini -> C:\WINDOWS\System32\pspddi.ini -> [2002/01/25 08:04:50 | 000,000,219 | ---- | C] ()

 INSTMON.EXE -> C:\WINDOWS\System32\INSTMON.EXE -> [2001/01/19 13:50:20 | 000,040,960 | ---- | C] ()

< End of report >



#4 SweetTech

Posted 01 December 2011 - 08:30 PM

Good Evening!

You mentioned that you ran MBAM and it found some items.

Would you mind posting that log file for me to review?

Malwarebytes' Anti-Malware

  • Open Malwarebytes' Anti-Malware
  • Select the Logs tab
  • Click on the latest log. The bottom most log is the latest
  • Click Open
  • Notepad will open. Please post this log in your next reply.


NEXT:




Running OTS Fix
Start OTS. Copy/Paste the information inside the codebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> 
YN -> HKEY_CURRENT_USER\: URLSearchHooks\\"" [HKLM] -> Reg Error: Key error. [Reg Error: Value error.]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Motive SmartBridge" -> [C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe]
YN -> "Symantec PIF AlertEng" -> ["C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Uniblue RegistryBooster2" -> [C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S]
YN -> "Weather" -> [C:\Program Files\AWS\WeatherBug\Weather.exe 1]
YN -> "Yahoo! Pager" -> [1]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20]
YN -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20]
YN -> Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab [Reg Error: Key error.]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe" -> [C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0]
[Files/Folders - Created Within 30 Days]
NY ->  FCTB000060231 -> C:\Documents and Settings\NetworkService\Application Data\FCTB000060231
NY ->  4C0CA -> C:\Documents and Settings\Robbie and Laura\Application Data\4C0CA
[Files/Folders - Modified Within 30 Days]
NY ->  Lsrp4F7H.exe.b -> C:\Documents and Settings\All Users\Application Data\Lsrp4F7H.exe.b
NY ->  Rbe68o.com.b -> C:\WINDOWS\System32\Rbe68o.com.b
NY ->  CWKxWKM.dat -> C:\Documents and Settings\All Users\Application Data\CWKxWKM.dat
NY ->  Rbe68o.com_ -> C:\WINDOWS\System32\Rbe68o.com_
NY ->  Rbe68o.com -> C:\WINDOWS\System32\Rbe68o.com
NY ->  Lsrp4F7H.exe -> C:\Documents and Settings\All Users\Application Data\Lsrp4F7H.exe
NY ->  tOhACewhlMPU0V -> C:\Documents and Settings\All Users\Application Data\tOhACewhlMPU0V
NY ->  ~tOhACewhlMPU0V -> C:\Documents and Settings\All Users\Application Data\~tOhACewhlMPU0V
NY ->  ~tOhACewhlMPU0Vr -> C:\Documents and Settings\All Users\Application Data\~tOhACewhlMPU0Vr
[Files - No Company Name]
NY ->  Lsrp4F7H.exe -> C:\Documents and Settings\All Users\Application Data\Lsrp4F7H.exe
NY ->  Lsrp4F7H.exe.b -> C:\Documents and Settings\All Users\Application Data\Lsrp4F7H.exe.b
NY ->  Rbe68o.com -> C:\WINDOWS\System32\Rbe68o.com
NY ->  Rbe68o.com.b -> C:\WINDOWS\System32\Rbe68o.com.b
NY ->  CWKxWKM.dat -> C:\Documents and Settings\All Users\Application Data\CWKxWKM.dat
NY ->  Rbe68o.com_ -> C:\WINDOWS\System32\Rbe68o.com_
NY ->  ~tOhACewhlMPU0V -> C:\Documents and Settings\All Users\Application Data\~tOhACewhlMPU0V
NY ->  ~tOhACewhlMPU0Vr -> C:\Documents and Settings\All Users\Application Data\~tOhACewhlMPU0Vr
NY ->  tOhACewhlMPU0V -> C:\Documents and Settings\All Users\Application Data\tOhACewhlMPU0V
NY ->  {6B159C1D-B946-44EF-BEDA-8A31FBDDE4C4} -> C:\Documents and Settings\Robbie and Laura\Local Settings\Application Data\{6B159C1D-B946-44EF-BEDA-8A31FBDDE4C4}
NY ->  {BFC79665-6DF0-4204-B804-3D30D30FFAFB} -> C:\Documents and Settings\Robbie and Laura\Local Settings\Application Data\{BFC79665-6DF0-4204-B804-3D30D30FFAFB}
[EmptyFlash]
[CreateRestorePoint]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTS will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.


NEXT:



Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 rob reynolds

Posted 02 December 2011 - 12:42 AM

Here's the MalwareBytes log. I'm going to download the other stuff and run it, and then I'll reply again.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8258

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

11/28/2011 2:16:17 PM
mbam-log-2011-11-28 (14-16-17).txt

Scan type: Full scan (C:\|)
Objects scanned: 336143
Time elapsed: 1 hour(s), 25 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Guest\application data\microsoft\6EB4\258.tmp (Malware.Packer) -> Quarantined and deleted successfully.
c:\documents and settings\robbie and laura\local settings\application data\thinstall\Cache\Stubs\4d8cee5397c6f0e2d81bff2257a46f1ef81d4555\lithtech.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\robbie and laura\my documents\downloads\setupplaysushi (1).exe (PUP.PlaySushi) -> Quarantined and deleted successfully.
c:\program files\LP\6EB4\24F.tmp (Malware.Packer) -> Quarantined and deleted successfully.
c:\program files\LP\6EB4\7CC.tmp (Malware.Packer) -> Quarantined and deleted successfully.

#6 rob reynolds

Posted 02 December 2011 - 01:00 AM

I ran the fix in OTS, but it froze. I waited a long time, but nothing was happening. The taskbar was dead, and I couldn't select different windows. (The only three windows I had open were this forum, OTS, and the virus fix folder I created on the desktop for the stuff you tell me to download.)

I finally pressed Ctrl-Alt-Del and told the Task Manager to end OTS. After that I still couldn't select different windows from the task bar. So I brought up the task manager again and told it to restart.

It got stuck in the restarting process, so I pulled the power cord and started over.

In your instructions, OTS was supposed to be done before Combo Fix, so I didn't do Combo Fix.

#7 SweetTech

Posted 02 December 2011 - 02:30 AM

Sorry to hear you experienced some issues when you ran OTS. I'd like to have you please proceed with running the ComboFix scan and see what that finds.


#8 rob reynolds

Posted 02 December 2011 - 10:41 AM

I ran Combo Fix, and it said it had detected a serious root kit. During the process it detected root kit activity, and had to reboot the computer.

It went through the process of fixing a lot of things, going all the way to stage 50. Then it deleted a bunch of files. Then it rebooted the computer again. When the computer restarted, Combo Fix displayed a screen that said it was preparing a log file. I got an error box saying that something couldn't run, and the only two choices were "OK" and "OK", so I clicked OK. Then there were two Microsoft error report boxes. I figured I didn't need to take note of what the specific errors were because Combo Fix was preparing a log. Unfortunately, nothing happened after that. My screen saver went to black screen, and when I moved the mouse all I saw was the wallpaper, no folders, no Combo Fix, and no task bar. Ctrl Alt Del didn't do anything, so the only thing to do was pull the plug and start over again.

Sorry, there is no log file. But the good news is that the computer seems to be running faster, and it boots normally again. For a long time I used to get a couple of weird windows during the boot sequence. One of them looked like a DOS command window that would appear and then disappear. The other was a folder that said C:/Common, if I remember correctly. This latest boot was normal, without the extra stuff.

Do you want me to run another scan to see what's going on now?

#9 rob reynolds

Posted 02 December 2011 - 11:44 AM

Sorry, I forgot to tell you that the Google search redirect is not happening any more.

#10 rob reynolds

Posted 02 December 2011 - 10:34 PM

I'm still having a problem with Google Chrome. When searching google images, only three rows of pictures are displayed in the results. Also, during a web search it allows only three or four letters to be entered into the text box and then the page locks up.

Is this a problem with the settings in the browser, or is it still a problem with the redirecting virus? When viewing pages other than

#11 rob reynolds

Posted 03 December 2011 - 12:37 AM

When viewing pages other than a google search, google chrome seems to function normally.

#12 SweetTech

Posted 03 December 2011 - 03:58 AM

Good Evening!

"Do you want me to run another scan to see what's going on now?"

Yes, I'd like to have you run another scan with ComboFix and see what the log file shows me.

"Sorry, I forgot to tell you that the Google search redirect is not happening any more."

Good! That's great to hear!

"I'm still having a problem with Google Chrome. When searching google images, only three rows of pictures are displayed in the results. Also, during a web search it allows only three or four letters to be entered into the text box and then the page locks up."

"Is this a problem with the settings in the browser, or is it still a problem with the redirecting virus? When viewing pages other than"

Hmm... It's possible that it could be malware related or a browser issue. When I see the ComboFix log, I may have a better idea of what it's from.


#13 rob reynolds

Posted 03 December 2011 - 10:30 AM

OK, I'll run Combo Fix again and see what happens.

Edited by rob reynolds, 03 December 2011 - 10:31 AM.


#14 rob reynolds

Posted 03 December 2011 - 12:09 PM

Combo Fix ran perfectly this time, without rebooting. It prompted me to download the latest version, which I did, then it ran.
I am really impressed with your work. You guys are awesome.

Here is the log.


ComboFix 11-12-03.01 - Robbie and Laura 12/03/2011 10:05:04.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.554 [GMT -6:00]
Running from: c:\documents and settings\Robbie and Laura\Desktop\virus fix\ComboFix.exe
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\Lsrp4F7H.exe
c:\documents and settings\Robbie and Laura\g2mdlhlpx.exe
c:\program files\LP\6EB4\7CD.tmp
c:\windows\$NtUninstallKB31784$\122780537\@
c:\windows\$NtUninstallKB31784$\122780537\bckfg.tmp
c:\windows\$NtUninstallKB31784$\122780537\cfg.ini
c:\windows\$NtUninstallKB31784$\122780537\Desktop.ini
c:\windows\$NtUninstallKB31784$\122780537\kwrd.dll
c:\windows\$NtUninstallKB31784$\122780537\L\pdmzmplg
c:\windows\$NtUninstallKB31784$\122780537\lsflt7.ver
c:\windows\$NtUninstallKB31784$\122780537\U\00000001.@
c:\windows\$NtUninstallKB31784$\122780537\U\00000002.@
c:\windows\$NtUninstallKB31784$\122780537\U\00000004.@
c:\windows\$NtUninstallKB31784$\122780537\U\80000000.@
c:\windows\$NtUninstallKB31784$\122780537\U\80000004.@
c:\windows\$NtUninstallKB31784$\122780537\U\80000032.@
c:\windows\$NtUninstallKB31784$\414593780
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\Rbe68o.com
c:\windows\system32\Rbe68o.com_
c:\windows\system32\Thumbs.db
c:\windows\system32\usmt\migwiz_a.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-03 to 2011-12-03 )))))))))))))))))))))))))))))))
.
.
2011-12-02 05:44 . 2011-12-02 05:44 -------- d-----w- C:\_OTS
2011-11-28 17:45 . 2011-11-28 17:45 -------- d-----w- c:\documents and settings\Robbie and Laura\Application Data\Malwarebytes
2011-11-28 17:44 . 2011-11-28 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-28 17:44 . 2011-11-28 17:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-28 17:44 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 06:25 . 2011-11-24 06:25 -------- d-----w- c:\documents and settings\NetworkService\Application Data\FCTB000060231
2011-11-24 05:55 . 2011-11-24 05:55 -------- d-----w- c:\windows\system32\%APPDATA%
2011-11-24 04:24 . 2011-11-24 04:24 -------- d-----w- c:\documents and settings\Robbie and Laura\Application Data\FCTB000060231
2011-11-24 04:24 . 2011-11-24 04:24 -------- d-----w- c:\program files\Dogpile Bundle Toolbar
2011-11-24 04:18 . 2011-11-24 04:18 -------- d-----w- c:\program files\Virtools
2011-11-24 04:18 . 2011-11-24 04:18 -------- d-----w- c:\program files\Costco
2011-11-24 04:18 . 2011-11-24 04:18 -------- d-----w- c:\program files\Common Files\HP
2011-11-24 04:18 . 2011-11-24 04:18 -------- d-----w- C:\VXIPNP
2011-11-24 04:18 . 2011-11-24 04:18 -------- d-----w- c:\program files\NDW
2011-11-24 04:18 . 2011-11-24 04:18 -------- d-----w- c:\program files\National Instruments
2011-11-24 04:18 . 2011-11-24 04:18 -------- d-----w- c:\program files\Nvu
2011-11-24 04:17 . 2011-11-24 04:17 -------- d-----w- c:\program files\Novatel Wireless
2011-11-24 04:17 . 2011-11-24 04:17 -------- d-----w- c:\program files\JumpStart Spy Masters
2011-11-24 04:17 . 2011-11-24 04:17 -------- d-----w- c:\program files\Verizon Wireless
2011-11-24 04:17 . 2011-11-24 04:17 -------- d-----w- c:\program files\Common Files\TiVo Shared
2011-11-24 04:17 . 2011-11-24 04:17 -------- d-----w- c:\windows\system32\DLA
2011-11-23 18:14 . 2011-11-23 18:14 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-23 11:30 . 2011-11-23 11:30 -------- d-----w- c:\documents and settings\Guest\Application Data\4C0CA
2011-11-23 11:24 . 2011-11-23 11:24 -------- d-----w- c:\documents and settings\phillip\Application Data\4C0CA
2011-11-23 05:58 . 2011-11-24 04:10 -------- d-----w- c:\documents and settings\Robbie and Laura\Application Data\4C0CA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-06-08 18:30 . 2009-09-27 14:02 356352 ----a-w- c:\program files\BulkFileRenamer.exe
2003-04-22 23:52 . 2009-09-27 14:03 658944 ----a-w- c:\program files\Screen Shoot-It.exe
2003-04-06 01:03 . 2009-09-27 14:17 42256 ----a-w- c:\program files\GUTILS.DLL
2003-04-03 06:20 . 2009-09-27 14:04 89360 ----a-w- c:\program files\WINDIFF.EXE
1998-05-06 01:10 . 2009-09-27 14:03 250816 ----a-w- c:\program files\Softy.exe
1997-06-05 17:28 . 2009-09-27 14:03 329728 ----a-w- c:\program files\ListFonts.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}"= "c:\program files\Dogpile Bundle Toolbar\Helper.dll" [2011-04-29 357376]
.
[HKEY_CLASSES_ROOT\clsid\{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}]
2011-04-29 03:05 1534976 ----a-w- c:\program files\Dogpile Bundle Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2011-04-29 1534976]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2011-04-29 1534976]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" [X]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Lexmark X6100 Series"="c:\program files\Lexmark X6100 Series\lxbfbmgr.exe" [2003-09-23 57344]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"SMSERIAL"="sm56hlpr.exe" [2004-12-28 544768]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-02-24 479232]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\Robbie and Laura\Start Menu\Programs\Startup\
HughesNetStatusMeter.lnk - c:\program files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe [N/A]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-28 24576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Doom2\\Legacy.exe"=
"c:\\Program Files\\Dogpile Bundle Toolbar\\TroubleShooter.exe"=
"c:\\Program Files\\Dogpile Bundle Toolbar\\ToolbarUpdate.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/28/2011 11:44 AM 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/28/2011 11:44 AM 22216]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2010 9:15 PM 135664]
S3 acfva;acfva;c:\windows\system32\drivers\ACFVA32.sys [3/18/2008 8:49 PM 86656]
S3 dgcfltr;DGC Filter Driver;c:\windows\system32\drivers\ACFDCP32.sys [3/18/2008 8:49 PM 28800]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [3/10/2006 3:55 PM 39424]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2010 9:15 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/8/2010 10:52 AM 20480]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\drivers\nwusbmdm_000.sys [7/8/2010 10:52 AM 176384]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\drivers\nwusbser_000.sys [7/8/2010 10:52 AM 176384]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\drivers\nwusbser2_000.sys [7/8/2010 10:52 AM 176384]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [4/14/2010 8:29 PM 32408]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.netflix.com/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.142.152.254 64.91.3.46 0.0.0.0
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKCU-Run-Uniblue RegistryBooster2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKLM-Run-Motive SmartBridge - c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
HKLM-Run-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
AddRemove-SBC Self Support Tool - c:\progra~1\SBCSEL~1\CustomUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-03 10:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4036946309-882686000-1728371394-1006\Software\SecuROM\License information*]
"datasecu"=hex:7e,ea,13,51,27,3c,54,86,2e,10,02,0c,c4,3a,b8,73,63,f8,c7,4a,59,
6e,47,61,28,ff,5f,25,83,df,34,aa,11,64,c0,63,1a,ff,22,fc,38,47,c9,a0,7f,f1,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(2816)
c:\windows\system32\WININET.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-12-03 10:56:17
ComboFix-quarantined-files.txt 2011-12-03 16:55
.
Pre-Run: 6,989,168,640 bytes free
Post-Run: 6,970,286,080 bytes free
.
- - End Of File - - 424D36228867DA53A3A5871E61EBEEB7

#15 rob reynolds

Posted 03 December 2011 - 12:36 PM

I launched Google Chrome. The web search is behaving properly now, but an image search still produces only three rows of images. The page is super long, like you would expect if it were loaded with images, but it's just a lot of empty scrolling. The usual Google stuff isn't there at the bottom of the page, where you would expect it to prompt you to go to the next page of results. It's just empty, as if the bottom of the page didn't load.

Also, Google Chrome takes a long time to think about stuff before it loads anything. When I bring up a new tab, it will usually produce an error message saying that there is something wrong with it. If I type an address, it will load normally.

Other than that, the computer seems to be working very well.

Maybe I just need to reinstall Google Chrome?



